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DETAILED ACTION 

1 . Claims 1 -1 7 and 1 9-27 remain for examination. The amendment filed 8/20/1 0 
amended claims 1, 2, 16, 17, 19, 21, 25, and 26. 

Response to Arguments 

2. Applicant's arguments filed 8/20/10 have been fully considered but they are not 
persuasive. First, with respect to Applicant's argument against art allegedly not on the 
record (amendment, page 8), Applicant argues: 

The Office appears to rely on a proposition that search engines do not churn out 
thousands of hits without analysis of relevance to the query initially provided by the user. 
In doing so, the Office impermissibly relies on art that is not of record. (See BPAI 
Decision on Appeal 2009-003351, page 17.) The cited prior art does not discuss the inner 
workings of search engines. 

Examiner submits that Applicant has misunderstood the point that Examiner was 
trying to make. The Examiner was simply alluding to the non-controversial fact that 
search engines, upon being queried by a user, typically find a plurality of web pages 
comprising the keyword(s) present in one's search query and returns the results to said 
user. Although the Examiner would readily admit that the question of how best to 
appropriately rank the results in order of relevance to said user is a non-trivial problem, 
for purposes of the claimed invention the order of the results is irrelevant because the 
claimed invention looks solely at the number of hits returned; the claimed invention does 
not care why or in what context the password, string, and other key words that might be 
part of the query would be found in each result(s), just so long as a requisite plurality of 
results with all the keywords in the original query are found. Although the Examiner had 
believed that the basic functionality of search engines was generally well understood by 
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the general public - let alone by those of ordinary skill in the art - nevertheless for 
Applicant's edification the Examiner has included a copy of the Help page for Google 
circa 1999 which confirms that it was common knowledge that as a default behavior the 
well known Google search engine returns only those pages which match all the 
keywords presented in the query (page 1 , "Automatic AND"; see also the last bullet 
point on page 1 ). In other words, when one presents a search engine with a query, the 
default expectation one would have is that every result returned comprises at least one 
instance of each keyword from said query. Contrary to Applicant's previous arguments 
to the contrary, there is no need to re-examine the results returned by the search engine 
to weed out results that lack one or more of the keywords. This leads to the Examiner's 
second point: although the Applicant stresses that "the string recited by claim 1 need 
not be submitted to the search engine as part of the search query" (amendment, page 
8, last line), neither does the claim nor the Applicant require that the search query is 
exclusively limited to the "keyword derived from the proposed password"; to the 
contrary, search queries with a plurality of keywords are a requirement in at least some 
dependent claims (e.g. claim 2). Thus, since Wong as previously cited clearly teaches 
using querying a search engine for various strings based on rules for selections of 
passwords to try and determine if a password is weak, then it would essentially follow 
that the incorporation of this aspect of Wong's invention into the P-Synch tool (which 
has access to the proposed password and must necessarily provide it to any plugin 
implementing a new password rule: P-Synch: page 127, "10.19.1 Adding new rules with 
a plugin program", beginning at "After a user selects a new password...") would logically 
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result in integrating the proposed password (keeping in mind that under the broadest 
reasonable interpretation permitted by Applicant's specification, the proposed password 
itself qualifies as a "keyword derived from the proposed password", albeit in the most 
trivial fashion: again see Applicant's claim 2) into the queries already being performed 
by Wong, in order to realize the improved result of detecting weak passwords before a 
user has the chance to establish them as the new password to one's account(s); 
instead of detecting them after the fact, as per the original disclosure by Wong. 
3. In response to Applicant's arguments against the references individually - and in 
particular the Eitel reference - one cannot show nonobviousness by attacking 
references individually where the rejections are based on combinations of references. 
See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981 ); In re Merck & Co., 800 
F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). As discussed above, the combination of P- 
Synch and Wong disclose already disclose every limitation except using the number of 
returned results as a threshold to determine if the search succeeded or failed. Thus, 
Eitel was cited by the Examiner as an example of the general ability to search for 
arbitrary information on the Internet, including the ability to declare a search as 
unsuccessful if too few records are returned by a particular query (see where cited). 
Applicant's argument(s) that Eitel fails to specifically teach searching for passwords in 
any capacity is thus not persuasive, as Applicant assumes that a person of ordinary skill 
in the art would be led only to those elements of prior art designed to solve the same 
problem as that solved by the Applicant. However, the Supreme Court makes it clear 
that this is an impermissibly narrow interpretation of obviousness: 



Application/Control Number: 10/815,191 
Art Unit: 2435 



Page 5 



The first error of the Court of Appeals in this case was to foreclose this reasoning by 
holding that courts and patent examiners should look only to the problem the patentee 
was trying to solve. 119 Fed. Appx., at 288. The Court of Appeals failed to recognize that 
the problem motivating the patentee may be only one of many addressed by the patent's 
subject matter. The question is not whether the combination was obvious to the 
patentee but whether the combination was obvious to a person with ordinary skill 
in the art. Under the correct analysis, any need or problem known in the field of 
endeavor at the time of invention and addressed by the patent can provide a 
reason for combining the elements in the manner claimed. 

The second error of the Court of Appeals lay in its assumption that a person of ordinary 
skill attempting to solve a problem will be led only to those elements of prior art designed 
to solve the same problem. Ibid. The primary purpose of Asano was solving the constant 
ratio problem; so, the court concluded, an inventor considering how to put a sensor on an 
adjustable pedal would have no reason to consider putting it on the Asano pedal. Ibid. 
Common sense teaches, however, that familiar items may have obvious uses 
beyond their primary purposes, and in many cases a person of ordinary skill will 
be able to fit the teachings of multiple patents together like pieces of a puzzle. 
Regardless of Asano's primary purpose, the design provided an obvious example of an 
adjustable pedal with a fixed pivot point; and the prior art was replete with patents 
indicating that a fixed pivot point was an ideal mount for a sensor. The idea that a 
designer hoping to make an adjustable electronic pedal would ignore Asano because 
Asano was designed to solve the constant ratio problem makes little sense. A person of 
ordinary skill is also a person of ordinary creativity, not an automaton. 

KSR v. Teleflex, 550 USPQ2d at 1397; emphasis Examiner's. Although Eitel 

only describes specific examples of searching for airline tickets, hotels (column 3) and 

real estate listings (column 5), Eitel is not limited to these fields of endeavor but instead 

can apply to any and all types of searches (col. 9, lines 30-40); and since not only would 

a common search engine like Google present the number of results returned along with 

links to said results (see Google Help, page 1 , "Do more than query") but also that Eitel 

teaches where it may be advantageous to disregard searches that produce too few 

results, so too would it have been obvious for one of ordinary skill in the art to disregard 

password searches of the type conducted by P-Synch (as modified by a Wong plugin), if 

such searches were to produce an insufficient number of desired results. 
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Claim Objections 

4. Applicant is advised that should claim 1 be found allowable, claims 17 and 19 will 
be objected to under 37 CFR 1 .75 as being a substantial duplicate thereof. When two 
claims in an application are duplicates or else are so close in content that they both 
cover the same thing, despite a slight difference in wording, it is proper after allowing 
one claim to object to the other as being a substantial duplicate of the allowed claim. 
See MPEP § 706.03(k). In this case, both claims 17 & 19 simply use alternative 
phraseology to restate the "rejecting the proposed password" limitation; as such, both 
claims are needlessly redundant and do not further limit the parent claim(s). 



Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 1 -1 6 and 1 9-27 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over"P-Synch Installation and Configuration Guide" (hereinafter, "P- 
Synch") in view of Wong (U.S. Patent Application Publication 2005/0102534) in view of 



Eitel (U.S. Patent 7,043,521). 
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Regarding claims 1, 21, and 27: 

P-Synch discloses a method, apparatus, and article of manufacture for 
evaluating a password proposed by a user, comprising: receiving a proposed password 
from a user (page 4, "3. Users select a new password..."); and rejecting the proposed 
password based on a rule for the selection of passwords (page 4, "4. P-Synch checks 
the new password..."; cf. pages 124-126 for sample rules). 

P-Synch does not explicitly disclose performing an Internet search using a query 
containing one or more keywords derived from said proposed password, and rejecting 
the password based on the results returned by said search engine. However, it is 
observed that P-synch, while already possessing a defined set of rules to measure a 
proposed password's strength, can nevertheless be extended by allowing an admin to 
add new rules via a plug-in (page 127, section 10.19.1 "Adding new rules with a plug-in 
program"). In that vein, Wong discloses a related security auditing tool including inter 
alia functionality to test passwords according to various security criteria, said 
functionality in turn including inter alia querying one or more Internet search engines to 
determine if a password can be correlated to a user according to any number of criteria 
(paragraphs 01 08-01 1 0 and 01 27). It would have been obvious to one of ordinary skill 
in the art to develop a plug-in for P-Synch that implements the above functionality 
disclosed by Wong's automated password cracker to determine if a proposed new 
password can be correlated to a user, as the technique is clearly within the capabilities 
of one of ordinary skill in the art. 
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Although Wong discloses wherein his search-engine-employing password 
searcher may be recursively iterated to continue churning up multiple hits that could 
inadvertently reveal a user's password (paragraph 0110), it is unclear if this step is 
taken only when the previous queries failed to find the password or whether the system 
is trying to confirm that it has found one's password by finding multiple pages containing 
it. Nevertheless, Eitel discloses a related technique to be employed during a search for 
arbitrary information on the Internet wherein the search will fail if, for example, the 
search comprised too few hits to satisfy a pre-established threshold (col. 6, line 46 - col. 
7, line 3). It would have been obvious to one of ordinary skill in the art to set a minimum 
threshold for search hits for determining if the Wong plug-in has found one's password, 
as the technique is clearly within the capabilities of one of ordinary skill in the art, and 
one would have had a good reason to pursue the known options within one's grasp. If 
setting a minimum threshold for search hits would lead to anticipated success, it would 
be the product not of innovation but of ordinary skill and common sense. 

Regarding claims 2 and 22: 

P-Synch in view of Wong further discloses wherein the proposed password 
comprises a telephone number (P-Synch: pages 83 & 200; Wong: paragraph 0109); the 
search query comprises (i) a user name that is associated with the proposed password 
and (ii) the proposed password (P-Synch: page 127, "10.19.1 Adding new rules with a 
plugin program"; Wong: Ibid); and the string is an identifier of a person (i.e. the 
aforementioned username: P-Synch & Wong, Ibid). 
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Regarding claim 3: 

P-Synch further discloses wherein said one or more predefined correlation rules 
evaluate whether that said proposed password can be quantitatively correlated with said 
user (i.e. the password is similar to the username: page 126, as indicated). 

Regarding claims 4, 6, 23, and 24: 

P-Synch in view of Wong further discloses wherein said proposed password is 
comprised of a proposed answer and a proposed hint (P-Synch: the user Q&A profiles 
on pages 83 and 199-200), and wherein the proposed answer can be correlated 
with/obtained from the proposed hint in a particular relation (Wong: pars. 0108-01 10). 

Regarding claim 5: 

P-Synch further discloses wherein said particular relation is selected from the 
group consisting essentially of self, family member, co-author, teammate, colleague, 
neighbor, community member, or household member (pages 83, 199, & 200). 

Regarding claims 7 and 25: 

P-Synch further discloses wherein said proposed password is an identifying 
number (e.g. PIN number, e.g. page 6, "2.2.2 Authentication Systems"). 
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Regarding claims 8 and 26: 

P-Synch in view of Wong further discloses wherein the rule evaluates whether 

the identifying number identifies a person in a particular relationship to the user (P- 

Synch: "Family member phone number that is not your own", pages 83 and 200; Wong: 

paragraph 0109). 

Regarding claim 9: 

P-Synch further discloses wherein said one or more pre-defined correlation rules 
evaluate whether said identifying number is a top N most commonly used identifying 
number (in the embodiment where the password is a PIN, the password history rules on 
pages 126 and 127). 

Regarding claim 10: 

P-Synch in view of Wong further discloses wherein the rule evaluates whether 
the identifying number identifies a top N commercial entity (P-Synch: "radio station dial 
number" at pages 83 and 200; Wong: paragraph 0109). 

Regarding claim 1 1 : 

P-Synch in view of Wong further discloses wherein the rule evaluates whether 
the identifying number identifies the user (P-Synch: "Your SSN", Ibid; Wong: Ibid). 
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Regarding claims 12-14: 

P-Synch further discloses wherein said identifying number is a portion of a 

telephone number, address, or social security number (pages 83 and 200). 

Regarding claim 15: 

P-Synch further discloses wherein said proposed password is a word (page 125, 
the dictionary rules). 

Regarding claim 16: 

Eitel further discloses wherein the search engine tool retrieves a plurality of web 
pages (col. 6, Ibid; see also col. 1 , lines 43-50 regarding this being generally very well 
known in the art). 

Regarding claims 17 & 19: 

These claims are rejected for substantially similar reasons as discussed in the 
rejection(s) of claims 1 & 16 supra. 

Regarding claim 20: 

P-Synch and Wong further disclose wherein said step of ensuring a correlation 
further comprises the step of performing a number classification (P-synch: the digits 
rules on page 125), wherein the number classification identifies usage of one or more 
numbers found in a web page (Wong, paragraph 0109). 
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Conclusion 

7. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure: U.S. Patent 6,285,999 to Page. 

8. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Thomas Gyorfi whose telephone number is (571)272- 
3849. The examiner can normally be reached on 9:30am - 6:00pm Monday - Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

TAG 
10/20/10 

/Kimyen Vu/ 
Supervisory Patent Examiner, Art Unit 2435 



